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(54) OPEN KEY CIPHERING DEVICE, OPEN KEY CIPHERING AND DECIPHERING 
DEVICE, AND DECIPHERING PROGRAM RECORDING MEDIUM 

(57)Abstract: 

PROBLEM TO BE SOLVED: To guarantee safety, to 
efficiently solve a discrete logarithmic problem, and to 
make the processing quantity the same as before. 
SOLUTION: For add primes numbers (p) and (q), n=p2q 
and (g) are made open and (g) is selected out of (Z/nZ)* 
so that gp=gr-1mod p2 has a location number (p) in 
(Z/p2Z)*; and m+rn is found (110) from a plaintext (m) 
and a random number (r) and C=gm+rnmod n is counted 
by using (n) and (g) to output a ciphertext (120). Then 
Cmodp2 is found for C, (Cp-1)/p=L(Cp) is found, and a 
secret key L(gp)-1mod p is multiplied by L(Cp) to obtain 
a plaintext (m) (200). 
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(57) [#I^Flt^CDfBffl] 

[f»#3sn p. a ^ri^-b- h&v&mmt it , 

fflf (Z/nZ) * ©*#>£. g 0 =g ,, - , mod p* A 3 
(Z/p 2 Z) ' ©*t?©{4»#p tfe^g^SA^ 



gn/c^ ^ftng u ffi»*£jfrr **B»*fefiR#i8 

i, 

[i»#JR2j p. q £ P)-b' -y t-^OH mWl t kl - 
n=p J q ^gJL&MM. P^glM^^_U g. ■ 
n£&£ir£ilSiifrfJ&aifff (Z/nZ) • ©tcC. £0 
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<g„ . c„ < p* ©«JHft*S£&-c > g. =c, = 

1 (mod q_) , g, * 1 (mod pi) &<i&L . ( ( g„ 
-D/p)- 1 modp*g2$&a?gt£U 
0 <C<n©i5Hic*S^-C, n t5C»tC*-CS>SA 
flWHfjgCCCftU ±ga% 1 tMMt pfcJB^T . C mod 

P ! e (z/ p' z) • fcttjrra P s -ajc*Si. 

•€•© p 2 -»c*a©ttJM6*C mod p 1 tcStL- p 1 Z 

_LSd7tC„ SrA^LTL (C. ) = (C. - 1 > /p* 
*<Dffimt£MkL (C„ ) i±IB^2^SHi©a?:±IB 



(2) 

3 

3>fc-a~££&fifegi±Sfc©© ya^Afc§BiiLfc 
a > fc' a - <Q pJftttC »»tf . 

r 3>fc'a~»fe&fiB3g&fc©© ^P^7Afcia&t/ 

fa n > f a - »sg^ast o njfiBftg sisagfo, 

[IM&15] P. q«B»<!:l. n = pqt»liai 
„©,£,G£jil2&g3gi<bL, 

£L% r tc±iaai i &Hfili£ am l , *©teJfttcAjj¥:g: 

r±iBfg 2 nuance »t i-ctf o r wre fflTrr 5 mm 
[iiraoie] p=&^m^(>5). e. zmmm. 

±.<Dflm&1frC*<DF , Wa£©<I&#P £&£&©£ 
U C©F„ -mrnfiLZG, , C„ 
rtt(,»> iU Uni^E, (F.) »6WBttF.^(0 
gffeB%£AAk, * (G. ) "'mod p£«8«<hU 
A* $ ftfcBg-SfjC Cfr, ±lBp^fej:L/-C±§B tgRffii^ 
E. (F.) ©7 cC. K^-TSSTC^Si. 20 
±!BtcC, i±fBp. JbSBttRLftNE. . ±1BK»A* 

a^l-ca (c B ) *n«fis*aw-»#a4. 
±isa (c. ) i. ±e»««*A2>i/-c\ m^om* 

i mm 8 ] 6 tcgBMkfc^BMSatg^a 

« L fc 3 > e ^ - » 0 HJtBtt l3»iaK*. 
[000 1 3 

ffli>*flH»«at. mum. *<omm7u 

[0 00 2] 

a**Bii;a©-c, mzw&KSim-r * 
fc. jHt©*^-e«iP!ii;«fc«w«*'i:*4-r*©"c. 

[0 00 3 ] — AnfitOMtl*. l@JHK£«#tttfa 
fc. S»Sra»tt@#©«^;Ktf*tt«K:«a*"S© 50 



#f^3 4 0 2 44 1 

4 

■c. ^(t<ga-r2>&©raBfcs?&-c$*. bp*.. &m 
<b-z>tcM<Dmm<D?$m&m®L$ti&. £fc. xmrnvs^ 

A©^%^-rn*^^fiSbfc*^^^-r^. c £#tH*tt 
t>. &mttB-f*-c«. *>©*«*- 

r*£fc©. H»riii*MbStifc5t**fP)S6a**© 

[0 0 0 4] BP^. &HM»e^*Jli<,»*iK. f^S*** 
5. &PUII«#». -^tt«0FBB«£PW**i4fc© 

i». — ^^^©twttm*-?****. ^©i£<& 
tt»T**j i/3&>»**>fc#fcfe©*— *i^ftai 

la— a-rscij&jm*^. «t, iFPitt. wtk 

P%fl!iLt, *Rg*f*F B ©«i4»F. ' = 

<g>cc*ji,ir. *©^aaf©7cy* s -^^.6nrc^<!: 
y=g" StxTO <x< p£«§fcir4>©£ 
*»*WH. WT. DLPi*t„ ) . WRgf*±©*fR 

i*©^-TSfE (F.) . *©■— 5©.#.G. MiG-CifiES 
hSE (F. ) ©gP^gf©*P*^A6tl-Ct,^B#, P 
= mG*»yf*-fflttm*^4raiBI. «T. ECDLP 
i*T. (SO. mG«. tlRfle!±©ttIffi-CG?rmeO 
fc*^-r„ tfRft^. S^tlRffiSBf^tcM^Tli. 
Wl^if, Menezes . A. 3M "Elliptic Curve Public Ke 
V Cryptosystems " , Kluwer Academic Publishers (19 
93) fcTF. C©M^MliW) ^£*i. 

-#isj14lia$re*3 5 £^$n-cc>-5,4>©©K*Kj^ 
fc©-c*i9. ?lffitW63iirt>*4»Mliig^©(fT?. R 
m3frr>mmtftti;i><DiZ> RSAB§#. Rabin ©#. El 
Carnal flf#. ffiRft^Bg-^ (tfREIGamal Hg-Sf) j&J^lf 
^hStlbn^. RSABg-^. Rabin Bg-^EJ I FP 
©fit- 5. EIGamal Bf#«. D L P©HL $ . ffRffiiJgl 
Bf^tt. #IR(*±©«nift«©.^©ttr»{C*JW £ElGa 

mai Bt#-c. cn«ECDLP©itL/aic. -en-en* 

[0 00 5] R S ABf-^CCOtirti, Conmunication of 



(3) 



4*8*3 4 0 2 441 
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the ACM. vol.2X pp . 12 0-12 6 (1978) Kl, Rivest, R.L. 
^C<£oT, 44 A Method for Obtaining Digital Signa 
tures and F\iblic-Key Cryptosys terns" <b/St'Tffel&£ 

tixis*) (tn% c®^*#iR2£»rr> , Rabin « 

^COC^^ v MTT , Technical Report. MU/LSC/TR-2 
12 (1979) CC Rabin , M.O.tCi -o *C. "Digital Si gnatur 
es and Public-Key Functions as intractable as Fact 
orization " tMLX^R^tlX^ (fciT, C(7)M 
*30R3i»rr) , ElGamal Bf#tCO^r» I 

EEE Trans. on Information Theory, IT- 31 , 4, p 
p.469-472(1985)CC v ElGamal T. iCjz^X, "A Publi 
c-Key Cryptosystem and a Signature Scheme Based on 
DiscreteLogarithms " ilUrf&S^^rfc!] (£{ 

Miller, V. S. iKoblitz , N. &C«fc->T. 19 
8 5^C&tLlcmm$tltci><DX$>2>1)K Proc.ofCryp 
to'85 , LCNCS 215 , Springer-Verlag . pp. 417-426(1 
985)CCMiller, V. S. lC£-z>X "Use of EllipticCur* 
C-E a (M) =M e (mod n) 
M=Da (C) =C d (mod n) 

xmrnfrz. ccon. M&o<M<n - 1 £»/c-r&e^ 

D t ( Et (M) ) =M 

[0 0 0 8] Rabin Hg#C0«|J5Sffi«^a)iI0 "C*S. 
p, Q, n*±a$©5I9tere9, 5 0<b<n£* 
C = E 2 
M=D 2 



*ves in Cryptography" tMLXIfaRZtl (J^TF. CCD 
Xffi^^B if&vT) , Math.Comp., 4a 177, pp.203 
-209(1987)tU*Koblitz , N. (rCjz-^X "Elliptic Cur 
ve Cryptosystems" iHL/TS&RS tlt^i (fiTF. C 

[0006] ht, iWiccneo^^r^u, 

0t*^ Htt&#3Rttp. q*ilc>\ n, e. 

10 n = p q , 

GCD (e, L CM ( p - 1 , q - 1 ) ) = 1 , 
ed = l (mod LCM (p - 1 , q - 1 ) ) 
CCt, GCD (a, b) « v Sgfca, b ©ftfcSSriRj 
ft. LCM (a, b) tt, ntta. b©*/MM»»*« 

[0 0 0 7 ] (n, e)£SI§^(d. p, q ) «riHK 
itctLT, Hf-^lfc^a (Ex ) (D, ) * 



(1) 
(2) 



(3) 

★ »fc-rS»b*WS. (n, b) *£B 
*8tf«iUt, BHtfbteS (E, ) . 
(D, ) * 

(M) =M (M+b) (mod n) (4) 
(C) = (- b ±<T (b 2 +4C))/2 (mod p frOmod q) (5) 



Iff, (P. 



q) 



rflT^> 0 Rabin WW. a#ttKi£fi#85£*JS< 

ccttHo©jB*s3ihT#r, ±©**r«:a#* s — *«c 30 
Lx^m-r&ctbm&zL, — *cca#m*sj:5K: 

Sfcfclfc Vol.J70-A, NO. 11, pp. 1632 -1636(1987) 

C= (C, . C, ) =E 3 (M) 

C t =s r (mod p) 

C 2 = y r M (mod p ) 

M= D, (C) =C 2 /C, x mod p 



ElGamal H»©«aitKX©iH) p %3R 

It p*ffi4UWS»WI*«W <Z/pZ) ' © 

-o<d£j3ot; % fi|J%, <S«#p- l©7G<bU 0<x< 
pfc4»»x*ffi«0CflM, Y-& x (mod p ) <hfc 



< 0 COB*, (y, g, 
t, ^#ft®S (E, ) 



p) £&HMt x*f»«il 
, a#«9 <D, ) * 

(6) 
(7) 
(8) 
(9) 



M=D 3 (E, (M) ) 
3M0BW*. MRl&1MN» («R ElCamalBt-^) <D«^c 



F P , 4 a 3 + 2 7 b' * 0 ) , tfRftJBLt<DF P 

C= (Ct , C, ) =E 4 (M) 
C» =rG, 



♦ [0009] M3»o<M<pr*n«. 

(10) 

*(D&mtl2>i><D±?i>o 0<x<qft4ffiI©fiMK 
D % E (a. b) ±©S0SrP = xG<!:«. C(7)B^ 
(p, E (a, b) , G, P, q) *AH& xOtttt 
«i l/r«f#{b«Hl ( E 4 ) * a#ffi9 (D 4 > * 

(n) 
(12) 



(4) 



Jf*F3 4 0 2 4 4 1 
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C, = r P + M 

M=D, (C) = (C, -xC, 
-cm&Z. CC-C, r»0<r <qft«fcTff.W.©$g& 

+mw. x -mmmtte&tm$iU±<D&t£. r p <t 

/2^*#i?£^£) . fSje.^OD. A &C*iI©*g 

iWftS&T MtC * &fIB!©7i:gt#fBft WBT & C i (C<t 
oT. StC. :^gtt«fttt»nUfc&©ftX-ffi1gH(:#o 

[0010] &«c. ±&<D^<D5tW.&t,cr>^-c&'< 
RS ABg^©ti-gt««, Bg^bMS- m^MS^it 

CC\ kfct&&8iln©fc'* FSt?:Ititl,„ Rabin Bg 

#©ftns«. Bt#{t«iii(ik j ©*-#--?. mm* 

Siik 5 C©k<b&BHttn© 
t'^ r&ft*lf *>©£?"£ = 

[0011] ElGanal Bg*|©|tJlfiW:> Bg-^{t^S. ffl 
^giSCCk J <D*-f--C^-C#-So CCT> k 

se.cc. tfRftant-^©fti?*«:, femmm. 

•*>. CCt, k«<2rlBi|-C*?>SR?Sp©t*^ h^fCS>S 

[0012] X-y-x-ftMrtZteh. ±i£©BgWlt 

zct<<zw*>fr-e&2>. JIBS. «Rffi«±©flDi*«. 
05E«»r*4«R#K:*jW**tt© 1 0fiMII&l$mtf 

@«cc#ffiT£ h. 3«c. ^«i*#©&»#©*-f:/ 
zm*)) . -e©0g <*©a^iit*) ftte^ci^it 

3h. -e-*i£>©tif*Sftfc£&cl / -C. BWi-r*Bf-9** 

[0013] ?t, -ec-r. cti^ofrmzTvic. ±m 
©Rawtt^HSW ^©s^*tc ot> r a?^ s c £ tc-r 

££. RSAflW. Rabin B§-^©«fc5fc I FP©»l/3 



(13) 

0>X-8t0 (14) 

arc***«p. q^^o, lcm(p-i. q- 
i) jWH-*w*r. «a«d#i*aben. &±t,cnmz 

tlXLt^f. CC-C, LCM ( p - 1 . q - 1 ) ft. n 

iiStKir^sci^tP^Sftr^s,, EP%. p. q* 5 

»j6> * a "C. LCM (p-1, q-l)£*»4 
C£tttti*fct>. RSABg-SftJ. &ia&n*JR 

rt>4*l. Rabin Bg-^ft55£flSR"f Slin 

RSABfr**«iw-*c£w: i f pftjg< cttm 

fflT&&*>£ '^&i*fif?£ - e&&# i . Rabin B§#©3£^ 
JHRO:. I FPftJKK C££WC*ac£*sSEijliS*i 
tl>4. (±»©jB«iaWfc. I FP£3?ffiT;fcSC£ 
#SSESI§3ttTt,»£) C ©Rabin ©*Sm«. &£>S:fcfcJ& 
^ (4-©*i^> I FP) 3WiLt>T*5 5i<R3tf * 
C£tcJ:-?T, «S^*£«©££tt*«Bi!lilil**C£ 

20 £*fltf>T^Lfc*>©-e&£,, <%•©*§£. ±&©&ga^Bi 

£*5. 1 F P©^U3^{5SU/c±-C. fEHJ5nfcC£ 
SrSWcL/rt**. §P»fi?I^K:MU-C«. RSABg-^. Ra 
bin Bg-^itCC. B§#S:C*>6. ¥3tM©*Tfetr v Y % 

*sffiEWS*lt:i»S. C©^H(i, SIAM Journal of Comp 
utinq , 17, 2. pp.449-457(1988){C:te(,>"C\ Alexi , 
30 W. IPCC<fc-3-C, "RSA and Rabin Functions : Cert 
ain Patrs Are as Hard as the Whole" iHL-TifeRS 

^(C, ElGamal Bg#©^tt{C -51^^*4*5, CtlB 
DLP©StL/3tC5S-^<Bf-^T*5©t?. DLP^IBW 
n«. <2:^il (y. g. p) ^SSSIxJ&s**?. 
n. PR$n-CLS-5„ L/*>U ElCamal Bf#©fgRj!»s 

DLPiisi tgffitcit u^tf>£ -5 3^»aEI« 3 nr 

PHitc, 1fRft^Bf#(cotit4>. ECDLPilsl 

testes! Lt -5 *>«nw 3 nrnftt*. 
40 [0014] ««W*>-3*fflW«:&BB««f -^k:-^ 

«©S^tt3WHMm*iaM«Bi^tt. Rabin Bg#£^ 
©^fiL/J&>*oe>tirt,^j:C». 0*9, H«14?r^x.4 
£, — ^(S)ttlta^£L<r-3*>jt4 4>©«. IFP, DL 
P<tECDLP(4L/*^64ir^< . C4i65rjg-^rif 
r^LFj *fP0. *ti*fflt>"C*4«©5S^tt© 
Mm <D-o i, >tcffi L I, >&M»&? '> ^ f A ft fP 4 C £ «— 
o©RgST&4. 
[0015] 

so [«W3w»i*i/j:5fr*iiwi] ±a©«fc5Jc. 



(5) 



1tf*3 4 0 2 44 1 
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-^WfibtttlFP, DLP^ECDLPfitl 

S«©5£±14**SEIBSftri»SW#«, Rabin Bf-Sfi * 

[0016] C©»«01Btt. — *l^lttH»i LtB 
I FP*m>tt*66. frOl* r*(,FJ *Jfb>T. I 
FP*sj»bt>-C*4 5i«r>5<R5e«:36-3*. Slbftgc* 

[0017] 

[ISiS£8?&-r£fctf>©3MS:] JWfrffJfCfct. t©££HJ« 
~«li©iai3^Bt#SliS*^^S. P. q £-o©sg 
Silt. n=p ! qiLfci*. n£££ LfcBE#J#J 

<Z/n Z) •±-C-^RS$n^4>CDt 1 n = pq 
iltei*. n*ttil/»d|ftWiraiZ/nZ±r36«S 

^Sj infO\ %4f£ r«Rft*K:*r5<4»BWS^ 

[0018] WBBRttF. ±©«Rft»r v fiBBfcWp© 
<{>©£ anomalouslfRfti^iP^^CitC-r^. C© ano* 
T= {xG (Z/p' Z) • I 

(z/p j z) • Kfet*£MikamMtt. isoic 
5, #j(t«:idiLi>iSMir**iflice.nr^-c. «*© 

L (x) = (x- 1 ) /p. xG r 
L(ab)=L(a)+L(b)modp 



* malousMnttflLJbOtttt^ftiqjH^*(C^$ll< If© 
tH3fe£C Smart.N.P.fCi-^r, " The Discrete 

Logarithm Problem on Elliptic Curves of Trace one, 
preprint(September,1997)" tC*$l>T (tTF. C<D$M 
9 t $HT > . feff^f P^tC <fc o T . " Fenmat Quo 
tient and the Polynomial Time Discrete Logarithm f 
or Anomalous Elliptic Curves, preprint(September, 19 
97) " tC*$(,»T (JWT. CGXfcttfcfclKl OiW) . 
■ett-eft&titCf&RSft-C^S,, C© anomalouslfRffi 

[0019] ftcc. «#©lftS:4i"C^*3h'rt»4c i 

tut, &sa©i¥©p-syiow s&ftmicisrt zmmite 

MB**. ^te^A<»tf*£l»9<8S***4. CC 
■C. p-SylowSB#E¥£». fKJttf. =SIR8H*i^*.<&ft 
H©gP^gf©'TJ-C. (4»*Sp©rtli&5t> 
©©* -CS4>{a»*s^#& fc©£H©p-Sy-|ow SP^g^i 
C©#feBJf«. C©4>SS©fflf©p-Sy1ow SP5J-i=f 

20 SIT. *4*©S^tt«DiEW36«-3W6n-5. »rU»& 
M»«r#*att"r4. 

[0 02 0] p^ISiU. P J £j££L.rcg&&SiJ 
4^3* (Z/p 2 Z) ' K*«,»T. -^©p-Sylow 

&©«fc5fc«W£ : 
x = 1 (mod p ) } (15) 

*© <fc 5 a r ±jai s nrcw»%#^. e : 



(16) 

ffit©a, beriC>PtLT 
(17) 

EP^. xer, m£0<m<p#>?> 



6F„ ^©»£L/-C©IHSf3f«£*-^il-CtiSC£fe^ 
S. C©L©ft@a«, p©tr ? rgfcSrk i-fftCik 1 

L (y) = L (x" ) =mL (x)mod p 
<t&&©t\ L (x) *0mod pX&tilt 

m = L (y) /L (x) mod p (19) 
£« »*A<*ft4Ci*lB*4. x, y*»6. mfc* 4o4Fj *J*fiRtti*. *Lb>2MNMPt#*aHi*&. £ 



ffiSiO. y = x- ifc^T. x. y*>e>m£jfc«>sra 
S(COL^r«, 5£ (17) *P& 



(18) 



*€>ft»S«. pOt'^lMkitixfl k 3 ©*- 

[002 1 ] COtt»*fflt»*ltf. *<trl/t» r«L ♦ 
(Z/nZ) ■ ~ (Z/p 1 Z) ' 

~rx (z/pZ) 

«. &,TXm#>Z>tlZ> : ge (Z/n Z) ' Tg, = g 
mod p 2 erA5L(q 0 )*0mod v ZffitcT b<D& 
n, g. kZGsmmfirZ. CCX. k». 

C = g""" mod n 



• 111**. "3gRBf#" . pp. 15. S^S* ( 1 9 
9 7 ) «#J& C©3t^^XiS»; 1 1 J: D 

X (Z/q Z ) - (20) 

• X (Z/q Z) • (21) 
*p, q©fcTu> h^£-r^>. ¥3tm^0<m<2 k - 1 frh 
WLZUmHtSTZt. r=&Z/nZ^6fiES(caX0. Bg 



(22) 



11 



A<*©«tB^**«>*Ci*ai*. mte0<m<2* 

Cp ^C"- 1 mod p 2 

i-rna. c P ertfto, ±ssLiH«*fflt»Ti!t»s* 

HP%> IFPi«(t»5C44iSWt#S. 

[0022] coaw© tmamicmrt< ^wuunm 

if r . ffi n r rtiilf ®(D/c^<D}g^SP^^*^T &fiHK 
mod nT'CDlJ^ftgL^tf^, n - rftSff-»8a> 

E o : y 2 = x 3 + a, x + b p 
(a, . b 0 EF P 
£ a : y 2 =x 3 + a fl x + b q 
(a, . b n £F fl 
a = a p mod p , b = b 0 mod p . a = a Q mod q „ b 
= b. mod q&Sa* *BA*J^^S <fc 0 mod n* 

E„ : y 2 = x 3 + ax + b (a, 
+ 2 7 b 2 , n) =1 

E n = CE D , E 0 3 , a= Cap 



(6) #1*3 4 02 44 1 

12 

* k_1 ©35HK:*S©"C, mod p "Ct*— Xtt£2 9 , Ltc 

(23) 

*«£tH-r& 0 —7?. tram*. ffip 2 rcop-imtt 
raw*, mmt^mmm^tez. 

[0 0 2 3 ] C<DBW<D r«p]AflUCS^<&H 

— o©*»p. q*K0. n=pqiU F B v F Q Jr. 



©fitRft^E, 



4a, 



+ 27b { 



*0) 



(24) 



4 a fl 3 +27b Q 2 



* 0 ) . (25) 

Z/n Z±-CS*S*lfc«niB« 



bGZ/nZ, GCD (4a 3 
) (26) 

, a, ), b=(b B , b. ) (27) 



E n = (E p mod p, E 0 mod q) (28) 

[0 02 4]4, Ep « anomalousti E 0 tta fcOilt^, ktt, *»p, q©^7 hftitS. 

nomalous-Cttt^flinftlliirSc C©£#> ±j£© C©££, ¥Xm^ 0 <m< 2 kl *6BK*CiCcr* 

ffiSK:K^<fiH»e-*R«j <fcH«fCn. E n t E n t % r £ Z/n Z*>6tiEXtCRQ . BS#fb*^C"C5E«&S 

(Z/n Z) ©jSG. k*fiH8iltfc<. flU G*30 

C=(m+rn)GeE n (Z/nZ) (29) 



^as^rmod pat, Ep (f, > ©«s<dih©w« 

■MtlBRTiCitt, teffimnt anomalousffRft 
Ut anomalous-Cttl»flinft»^e)*HA*J^3£S*ffl 
t^f#6n^Z/nZ±OW8E n , 6 

*5C<fc#aE9J"C*S. IP%, CCDn, E n -€-©ffi 
■LL©j£G^A&ftfc&*, n*JRB»»IBt5BH 

*, mmm&frmmm (arnt MiFPii-rc 

t»fcBH-*JWRr*Citt, MIFPi9it*6Ci 

[0 0 2 5 ] C<DRW<D rtfRft^cS^< &HftBf# 

E„ (Z/n Z) Kz*j»Srfl*tWcofc»<DJB 
»»»*4fiSr*fS»^flE». E n (Z/nZ) rcDrfl 50 



sr^ssnfces#x*a«H«a«:sa-r4. at 

-EfSHEtt:. E n (Z/nZ) ©j**Ep (F p ) ©*CC 
^&-r&mod p-JH5E8i, E p (F ( ) CC*$WS«« 

[0 02 6] 

( 1 ) SiO^K 
^*^P, q^ffi^CCiiO', n=p 2 qit^o fe/c 
U p, QOtr^ URttBIDrkiT*. */c. GCD 

(p. q-D = i *«fci/n»str 

[0 0 2 7 ] 5 g^: (Z/nZ) " (O^iPh. S 

p =g p " 1 mod p 2 ^ (Z/p 2 Z) ' ©*"C©fiHR# 
Pitt* T^d:, ±a>©K^L-CL 



(7) 



13 



14 



(g P ) *Omod pjwsa-r*. sssl (z/ P j z) 

• ©4rr?G><a»#p <ttc4fe©« 1 + k pmod p 2 (k 

ttprwnttio u/c^otL (i + kp) = 

( (l + kp) - 1 ) /p = k * Omod p i&S*>6t 
>#A&Cg* (Z/nZ) * *>6jlA4, L (g p ) ^ 

omod ptte&mmtei - < i/p) ng£^*.e>n£ 

TL (gp ) - l mod p«r*63^D»tf-»LT*y< C<htC*10 
C = g B * rn mod n 

( 3 ) «#«J3 

Bg-^S:C(D€«^ (30) CDMi22£, fWtip- lit 
i>t, mod n"C<D^im^i, mod p* "C4>^il * 



[0 0 2 8 ] fifoT, (n. g, 

q) zmsmt-rz. cctL 

( 2 ) BMHtftn 
¥5m (ffiU 0<m<2 k " 1 ) 
r £0^r <n<Dffiffi^6SO\ 

[0 0 2 9] 



#1^3 4 0 2 44 1 



k) *&ffiM (p. 
( g p ) _1 mod p 



m+ r n ZutWL, 



(30) 

*U g p mod p 2 CO(iSl«P"C*0, 
$>otg 8 rn = 1 ±Sr£rt>e>, 



rnttpOfiftt? 



p-l __CP-l)Co+rn) -— 



= s 



C„ =C 



= g i 



Xg, r "mod p ! = g, ' mod p ! 



mod p 1 



C. 



C„ = g„ " mod p 2 

L (C ) =L (g„ ■ ) =mL (g„ ) mod p 



(31) 



(32) 



(33) 



(34) 



m=L (C ) /L (g„ ) nod p 

[o o 3 o 3 fie-a-c. «^*Bi*ffli-r-5£. *-r. m 
^xctcator. 35 (32) tc, *w-*u (c 

0 ) £ft#U &«K1L (C. ) t. *>6*>D»ft»L. 
T*J< C<taUH*4L (g„ ) ^mod p £©mod p"C© 

a%mora^ni*s. 30 

[0031] r*j£8¥fc«-3< fiKa»g#^gj 

TSC££, n£*atfc#JBTSC£*i|S!ffir&SC£ 

-i>©t\ cct«, ^©«l©**aEW-rs : 

*"C«mr4TiUrfyXAAff«E"J-Stt6«. n £jRB 40 

*¥*dW^3B3WIBr =1 V Xi, ESffi* 
■5" (CCT. ±a>© "n to«,»W*-e*fS» 

A^A*n©t'-^ n»«^^c*-y-aa««jjEi/ii 

>; X A© C if**. «T\ H«OttC>**r*. MS 

tteat*. £BK i i 

7>^A(cg6 (Z/nZ)' £jIA,-e. C©#£ 

w©fiMae#*ai©^5^-f tor. j«a-c*tti» so 



(35) 

^AtCiS-Scif?. xmod p LCM (p - 1. q - 1 ) © 

fflB$©jS*©lt#tctli-C< 5. m+ r nK*fT£. m + 
r n modp LCM (p-l, q-1) ©^-^©^tt. M 
«-C*4**-C*SCi*»iEWC**. tot, Z/n 
Z^e^^^AtCx^ilO*. C = g" mod nT'ttgLStl 

*5, x<2'- 1 ft3«Iffl©8fc£fcSW^«&»T'#S© 
•C. Stea•C^^^,>fi^'Cx>2 k - , iUTJ:< > 
£, x = x„ (mod p) . x„ <2'" 1 <fc9. x 

sx, (mod n ) #^Jj££ £ & 9 . Ltctf-oX^ GCD 
(x-x, , n) %ftgC-r€.i. C©(ffilip. pq, p 

4. Milt, n©^^ \-m<D¥-%}m&m3&rm-cm 

[0 03 2] iXtC r«Rft«{C*^J < ^HB§#^ 

(*F„ ±© anomalous1BRft«E±©{BltS{*f»raja£ 

-e©F„ P^^e.*lfc<h#. P = m 

Gi&5m£Z/pZ4#»5Ci-C*5*s. SSAT 
;WJXA(J, ±-Cfc^fc3&J. anoma1oustlRSi®± 



15 

f*F p ±_<D anomaloustfRtt^r&n^ pCDfc:'^ h£fc 
4kiUt 4 ItHStek 3 cD*-#-T*&£^fft&T 

4 : 

SSA7J^''jXA 
A^J: (G, P, E) 
ffl^J : m 

»MH1 E*Z±tCj*ft±Cffc«nft*E' "C\ E (F 
q ) ^6F, ^0?tA E ' iWft?«{C3Sr6&t» 10 

(G) , A E ' (P) %ft»l (Ctxttk 3 <D*-#-* 
E„ : y 2 = x 3 +a„ x + b B 
(a 0 , b D EF„ 

E, : y 2 



(8) «FBlF3 4 0 2 4 4 1 

16 

*-CHH*5) , m — A E ' (P) / A E ' (G) modp£ 
ttff-r* (Ctltt, k 3 <D*-#-vm%:2>) 

iJXA<Dft#»2k 3 (D*-#--C*£. CCD 
A E ' 0\ E (F P ) *e»F, ^©S¥£LT©l5I3!¥tfe 

1 0 *#JH. $/cp ffi 5 wrr^ntf S S A t;^ 
l J XA*ffll>5 C 4 ft < 5»*Wfc)Btf 4. 

( i ) mo^f& 

p v qOt'^ h»»Eli;rki-r4. ^tC. F„ ±<D a 
nomalousff RffiiSSlEp , F 0 ±<D anomalousT'&^ff R 



4 a, 3 +27b„ 2 *0 ) 



20 



= x 3 + a Q x + b„ 
(a fl , b< eF t 
(IU #E„ (F B ) =p, #E, (F, ) = fl ' =q 
+ l-t (-2V~Q < t<2f q , t*l. q' * p ) 

^«/c-r<t-ra e #«^cdtc («*) 

3#frC t anomalous«Rfti»0^fiECCOliT«, ffl*. 

IEICE Trans. Fundamentals, E76-A.1, PP. 50-54(199 
3) &C:fc>C>*C\ "Elliptic Curve Suitable for Cryptoq 
raphv" tmbX, Miya.ii, A. tc J: 9 iftS 3 ftT I > ^ 

E n :v 2 =x 3 +ax+b(a f b € Z/nZ,GCD(4a 3 +27b 2 ,n)=l) 

E n - CE p .E g J 

G= CG P . G a 3 

[0 0 3 3 ] SSA7^yXA4ffll>t, & 

#>A E p' (G B ) ""mod p^rft^Lrfc< o Ctlfettig 
«©— o£bT**.T£l». fcTF\ flMtofcabtC, CCD 
?MAif<. f£^T> (n, E„ , G, k) Z&ffl 
(P, q) «r«S«ir*. CCT\ E 0 . E a , ★ 

C= (m + r n) G€E n (Z/nZ) 
{IU cWt tfRfi^En ±(DM££BH>t\ ,£G£ * (3) 

r*4Citca*. T&*>^ ~o<DZ/n ZCDTuCDifl 

(*Atl^B, C= (Cx, Cy) , Cx, 
CyGZ/nZ) # 
C„ = (m+ rn) G„ = mG, 
ttS. anomalous tf RfliKKtett SSttJ*t^R?S^^ 

Sft& e ccr, c= [Cp . c fl ] tfcc^c. ♦ 

A (Cp ) =A (mGp ) =mA 



+ 27b c 



*0) 



(36) 



(37) 



4a s J 

^^>o (JHT. C©S3K«r*lttl 2i*r) S6fc. E p 

(f d ) , e 0 (F a ) s^co.^Gp , G fl r, isasofi 

ord(G p ) =p, ord(G a ) =q' tt S 4> CD 5rS-& 4 {S 
STSo CCt, E. (F, ) tt k — *CC«jBH8Wctt 



a = (a p .a B J , b = [b B .b„ ] 



A (Gp ) 



(38) 



(39) 



(40) 

l mod pi>W%$m±2ZHXi><£ 



★ G P , G 

( 2 ) Bf -^{t^SI 
¥Xm (fflU, 0<m<2 k - a ) tc^Lr, *r. SlJfc 

[0 03 4] 

(41) 

Bg-^fcCtD^ilS; (4 1) Offi2^r. -en-e4lmod p £ 
T&£, rn«p©»ar*-5trnG inodp = 0i6 

GE B (Fp ) (42) 

♦ [0 03 5 ] {SotSSA7^yXA4ffl^tmB* 

(Gp ) mod p (43) 



BPfc 



50 



(9) 
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m= A (C„ ) /A (G„ ) nod p 

[oo36]^^r, mmumzmmtzt. t-r. Bg 

*£Cte*Jt/C. C = C„ mod p4Bt*U (C 
„ ) fi&tCA (C 0 ) i. *6»tftJtfl 

•€$$< Ci#UB3fc-5A (G. ) "'mod p£©mod pt?© 

( 3 ) rt»pjft»c8-?< £MMrettBJ 

< &B)«Bg#S|g j «:^ncii, &Mfll(n. E 10 
. . G. k) &k»91ft«b*6ne£B0k&ttr£C&*s 

[0 0 3 7 ] n *#Ra-C*ttl>W*'C3RH»»«fJ-*T 

xa«t#s©-c, CCtli, ;*©*?!©.& £SEBJ3 
t& : " rt|Rft««:36-3<aH»«#*sHj **8»r 

$ % R-r h r >\s =f y x a b ?? a-r «. 
n tiBR^sw^iAimrA'd y xa^« 20 
fiSta*-s>" (cct, _kj$© "n£Mrt-#&(,>ffig*r 

•5. **&5£*tt. 1 1 *#«D 

<%\ £f££S[n ( = pq) m6ntl>5it5 
i, z£Z/n Z#>e>-7>#AKjI.&£t, zmodLC 
M ( p - 1 . q - 1 ) <D5rtHt > ©&g8g|Bg-!f 
fAK*»4. Bg^{bMffiBS©j£#©ftliUCtQT< S, 30 
m + r n CCjfcfT , m+ r n modp q ' ©^Tfc©:!!^ 
MIt?#£5l^r*&C£j&>iejl't , #£o Z/ 
nZ*>e>7>2 , Aftz£jiO t < C = zGGE„ (Z/n 

z) -c§tJ?£ftfccw:. M«r#fet»BisrBg-^^:fc 

i. T-fl^yXABttiSiau C&c*H--5¥:£z 0 £tH 
^JT-So z#. z <2 k - 1 tcilKDfttb&ilf 
*lt8l-C*tt«,»«*Tz >2 l '- , il 
r=fc<. tSi, z=z„ (mod p) . $7c, z 0 <2 
'- , ±9. zs Zo (mod n) 9. L7c# 

GCD (z-z, , n) %H«f5i, CfflKJ 40 
p££c9. n£5&H$tfWJrrSC£a*lH*S. Mil 
•C, n © t a©¥W?aOTIt-Sl^Sffl* 

[00 3 8] ^fc. c©^bj© r^eftcfcwssrata 

eft.©. *»wcco^rsi9irs. *r«. raasic 

H 1 {Cth-T «t "5 K. Bg 1 0 0 £ffi#§£g2 00*5 
0 «. Jg^t^SP HOtftn -COrtJftgtlSS 12 0?: 50 



#1*3 4 0 2 44 1 

18 
(44) 

*rr. a»*W2 o o«. r-*8ss2 1 o £isstfc*t$! 

MffigP2 2 0£WT&o 
[003 9] Bg-Sf<b^g 1 0 0 -C<DBf-9fbAfflS»C 

■W-CBMBTS. Bg-Sffb^gl 0 0KfcW4Ji»&SE« 

i i o©f**ffl*BK^-r. ffiK^iSffii i o«. Bg^t 

g|gl 0 0®PJfflt^6ft (m) SLIfc 
£&S1 1 UmSreZ/nZt^t, Cft£3t 
JW1 12KA*l/t, rn4ftJ*U cn?:»ffgl 

1 3(cA^3b"Cm+ r n£tt££U C©f§m£n -rfifit 
ff»«l 2 0CcA7JbT, Bg#£C = g" ,rn mod n££ 
SETS. 

[0 040] #(t. a^-«S2 0 0 t©a#S!!IK-9U 

-cBwrrs. o occ*$tt£r-^&g2 1 o 

©Sffl*12BKiSt. $rc. 8ttfe*r^W^SP2 2 0© 

if mzm 4 fc^-r . a«t£s 2 0 0Ktetnr- £&ap 

2 i oii. a(B@«3 o o*>e.. Bg^x (O %swi 

&<i, mod p' -S7CS2 1 1 T'Cmod p 2 £tt@l/ . 
C©ffi*r-SBftS2 1 2KA*(yT. C„ =C' , - , mo 
d p' *IH|tU. C.*(ili*«WBffiai.2 2 0CCA*-S- 
gtffc*f&IS?&9$2 2 0B, r -^feSP2 10*6C 
B t«tf44t. *ft£, *tifcl+t?«i2 2 HCA73L. 
L (C. ) 49WrS. ^(C ch*. *JHB2 2 2«: 
A^)L,L (Co ) XL (g. ) "'mod ptitirs. C 
©ffl^r. HtmS«BftSP2 2 0 (ia^^mi Urffi^ 

[0041] rttpqft^^s-^ < fiMWHSi 

*5S^*7n-T. Bg#$SS4 0 0 tMM5 0 0 
@i^6 0 0KJ:»)«»Stl"CI,»4. BS#ffc««4 0 0 

t*. ists&im* i o <t e. - rM^itms4 2 o 

f. I^gg5 0 0 mod p -®tcS5 lOiSSA 
[0 04 2] *r. Bf^b^g4 0 o r©us#fb«HlK: 

ot^-cisH^-r^o Bt#{tsg4 o 0K.*svzim£jm 

4 1 0©tt*ffl*B4AtCin-r. 4 10B. Bg 

<Wb»«4 0 0 (m) *56Wi*i. 
aR£AI4 1 ltta.KrEZ/nZtjt£dtf. Cft 
*»«tB4 1 2(CA*0r. rn£tmU Cft6tt© 
H4 1 3(CA^)Lrm+ r n«H*U C©i^m?:E„ 
-rtJ^I+SLS4 2 OtcA^lU-C, Bg#SCC= (m+r 
n) G*£jS.-TZ>. 

[0 04 3 ] «#^g5 00T©a^«ffllC^> 

■Clft^-rS. '«f M 5 0 0 KteW 5 S S A TJl'a 'J X 
2 0 ©!¥f.ffl£l2 4 BtC^-r. «^S5 OOKii 
W-Smod p 1 01*. iiffi|5IM6 0 0*^6. Bg 

#t(C) Co =CmodpeE 

o (F, ) £ttt*U C. *S SAT;U=f'JXASB5 2 
0{CA^-ri>o S SATJU^'U XASP5 2 0 tt. mod p 



(10) 



iff 3 4 0 2 44 1 



19 



20 



Ht£5 2 liCXtlL, A (C. ) MUTTS. 3Cie. C * 

n*. mn$s5 2 2k:a^la cc„ ) x a (g. > - l 

mod piMM"*. C©ffi£, S SA7M ';XAgP5 
[0 044] 

[3MI3©*')*] feLhl^cfciMc. c©WHtcJ:*i 

[0 045] BJJMta&S, {t^^OfrfMHigStC. k 



[0 1 ) C©fPJ© rjRffiS«:*-3<4»B«BS^Bj 

■r^a ? £0„ 

[S2] a «h i *©jgK^as i i o (DMtmtmm 
nmzmrzru -j t>m, Btt0i4>©r-^&952 1 o 

fW*&8?i£SP2 2 0 ©Rft:fl««m^t^a ? i> 
0-C&So 

[03] C©»9i© r«Rft^(c«^<^P3g|Bf-^« 
SJ icfc^SBf^gRO-a-^tlg©S*)teW©m« 

[04] Attl9 3$©ffift£jittP4 1 0©AttttfiM&lf 
f$M&7ff$-?u v t?m. B«0 3*©SSAT;U3"'JX 
ASB5 2 0©*«sW«t6»aJ«*^^B » *0-C£> 



1 ] 



[02] 



m m % 



m 



100 



41 * j£ « 



-110 I 



m + rn 



&fst5]*fc 300' 



■pa 



J 



1 — n , g 



C = g mi - rn mod n 



v-210 



pS p-1 



■W220 



m 



H — LtgpPmod p 



200 



L — 110 

'111 [ ^«C^^ 



112 



[ J | 8 » h " 3 



Jm+r n 
(120M 



B 



{120^'i) 



P 2 - 

P 2 , P-i- 



210 



■Jmod p 2 -lt7cS& 



| C mod p 



211 j 

jcp^C^modp 2 
(220 M 



n 



(210 ^'J) 



221 



t UCp) .^222 



-220 



if 



•L(g p rmocip 



| m = L(Cp)x L(gp)' 1 mod p 

mm%^ ) B 2 



(11) 



4 0 2 441 



[B3 3 



m 



a fic £ * as 



.-400 
410 ! 

- n 



m + r n 



600 " 



420 



J 



C-(m + r n)G 
510 



[ 



C p = C mod p 



1 P, E p , A(Gpfmodp 



m 



500 



B3 3 



[04] 



B 



CjPlffl^'J) 
m 



r- 



^410 





-411 






r 


^412 













142C\) 



R 
L [ 



(510«**J> 
Cp 



-520 



521 



p» Ep, A 



MCp) 



522 



p f A(Gp)~ 1 modp 



Jm = A(Cp)x AtGpT'modp 



(58)H£L/fc#»CInt.a. 7 . DB2) 
G09C 1/00 620 
J I CST7? 4 )V ( J O I S) 



